Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

U.S. Government to Put Cyber Katrina to the Test

Government agencies are conducting electronic war games called "Operation Cyber Storm" that mimic the effects of massive cyber-attacks and physical attacks.

U.S. Government agencies are conducting electronic war games this week to test the governments ability to respond to the digital equivalent of Hurricane Katrina.

The exercise, dubbed "Operation Cyber Storm," was postponed for two months because of Katrina, but will take place between Feb. 6 and Feb. 10.

The exercise will mimic the effects of a large-scale cyber-attack that affects the IT, transportation, energy and telecommunications sectors, according to published information.

The exercise is sponsored by the Department of Homeland Securitys NCSD (National Cyber Security Division). Representatives from a number of U.S. government agencies will participate, including the Departments of Commerce, Defense, Energy, Justice and Transportation.

Details about the specific scenario that is being used in Cyber Storm are not public. However, the government has said the test scenario will involve cyber-attacks and physical attacks that disrupt transportation and energy infrastructure, coupled with attacks on the state and federal IT infrastructure that undermine the publics confidence by crippling its ability to deliver public services and respond to the attacks.

The exercise is designed to assess the governments ability to communicate internally with the private sector about situational awareness, decision making and proper response to attacks.

DHS has said little publicly about the war game, despite recent news articles. The agencys silence prompted inquires to The SANS ISC (Internet Storm Center) from IT administrators around the globe who were concerned that their networks might be affected, said Marc Sachs, an ISC volunteer.

"People are worried that DHS is about to hack the planet," he said.

Despite its name, Cyber Storm is more akin to a "tabletop" exercise than a real-life simulation of a cyber-attack. It is designed, primarily, to test the mettle of high-level government decision-makers, Sachs said.

"The general idea is to do simulated tests. Theyre not firing live bullets," he said. "The senior people dont need the technical side to make decisions. They know what a [denial-of-service] attack is like."

Cyber Storm was originally scheduled for Nov. 2005, but was postponed because of the governments need to respond to Hurricane Katrina in Mississippi and Louisiana. Ironically, that natural disaster created real-life versions of many of the conditions that government planners will test this week.

But Cyber Storm is designed to prevent the kinds of mishaps and miscommunications between agencies that respond to cyber threats as those that marred the response to Katrina, Sachs said.

"With Katrina, the problem was with the very senior decision-makers. Once the senior people got their act together, you saw the lower level decision-makers start to coordinate," he said.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.